AaPanel - Simple but Powerful web-based Control Panel

Last update: Jan 9, 2023

Related tags

Overview

Introduction:

aaPanel is the International version for BAOTA panel(www.bt.cn) There have millions servers had installed BAOTA panel since 2014 in China. aaPanel, a simple but powerful control panel, can manage the web server through web-based GUI(Graphical User Interface). aaPanel provides the one-click function such as one-click install LNMP/LAMP developing environment and software. Our main goal is helping users to save the time of deploying, thus users just focus on their own project that is fine.

History:

The founding R & D team of BaoTa has 5 people, all of whom have 5 to 10 years of experience in idc related industries.

When everyone discusses together and works in the schedule or their own use, they find that there is no such thing in the field of servers.

The company specializes in developing relevant software for ordinary users, especially those who do not know much about technology.

We found that for many users, operating the server is not easy, it is necessary to consult others, take time to search for answers, and even pay for simple questions.

There will be many pits involved in the cost. Some auxiliary software itself is more difficult than using the server.

Even this kind of painful point is itchiness. With the development of cloud servers, the number of server users has increased by several orders of magnitude.

The preparatory work for the establishment of the pagoda began at the end of 2014, and began to develop and test software in the first half of 2015.

At this stage, the pagoda brand was officially launched in 2016 and bt.cn was used as the official website.

In 2017, BaoTa tried to enter the overseas market, but because the number of people could not keep up, he decided to temporarily abandon the overseas market and focus on China.

In 2019, due to the gradual growth of BaoTa users, which has become the hosting control panel used by the most webmasters in China, it is decided to enter the overseas market and develop related plug-ins that are suitable for foreign friends__

What can it do:

aaPanel is a server management software that supports the Linux system.

It can easily manage the server through the Web terminal, improving the operation and maintenance efficiency.

For example:

create and manage websites, FTP, and databases, with visual file manager, visual software manager, visual CPU, memory, flow monitoring chart, scheduled tasks and other functions.

aaPanel has extremely fast and convenient one-key configuration and management, one-click configuration of server environment (LAMP / LNMP / Tomcat / Node.js /OpenLiteSpeed), one-click deployment of SSL, remote backup;

provide SSH open and close services, SSH port changes, ping prohibited , Firewall port release and operation log viewing; CPU, memory, disk IO, network IO data monitoring, you can set the number of days to record and save and view the data of a certain day;

scheduled tasks can be added and executed periodically, support SHELL script, provide website, database backup And log cutting, and support one-click backup to another cloud storage space, or other cloud storage space; through the web interface, you can easily manage the server software used for installation, as well as practical extension plug-ins;

convenient and efficient file manager integration , Support uploading, downloading, packaging, decompression and file editing and viewing.

Over 2,100,000 servers have installed aaPanel in Asia

HomePage:

WebSite Manager:

FTP Manager

DataBase Manager

File Manager

Cron Manager

Monitory

Security

Software

Online editor

Share files with your friends

Send link password or QR code to your friends

Your friend opens the link effect you shared

User Manual

Home Page：https://www.aapanel.com/

Forum Page：https://forum.aapanel.com/

Feedback： https://forum.aapanel.com/

Bug submission：https://forum.aapanel.com/

Installation command：

Centos

yum install -y wget && wget -O install.sh http://www.aapanel.com/script/install_6.0_en.sh && bash install.sh 66959f96

Ubuntu/Debian

wget -O install.sh http://www.aapanel.com/script/install-ubuntu_6.0_en.sh && sudo bash install.sh 66959f96

Comments

Security Vulnerability in aaPanel

Hi,

I would like to report a security vulnerability in aaPanel

I am not sure this is the right place as its public and visible to all, would you like me to post the details here? or email?

opened by ssd-disclosure 10
Can not select PHP version 8.X

It is not possible to set the PHP version for a website to 8.0 or 8.1, because those options do not appear in the list. It seems to be working with all versions below 7.X.

opened by paulkre 3
Fixed all spelling mistakes (without changing keys)
Hello :)

I'm using the aaPanel for 1 month now and wanted to contribute by fixing all spelling mistakes.

I only changed translations in English folder

Fixed mispelled words

Added some caps for proper nouns or app names

Removed 1 duplicated JSON key

Thanks for making and maintaining this awesome projet! I hope this contribution will be useful!
opened by QuentiumYT 3
Application submissions?

I noticed that this supports applications as "one-click" stuff but I was unable to find any documentation or how-to for submitting my application to your listings.

I make Chevereto and I would like to contribute the code needed for making this happen. Please let me know the procedure for doing that if this is an option.

Sorry if this is not the place to ask for.

opened by rodber 2
Installing aapanel on digitalocean droplets

Hi all,

I have one questions is there anyone have tried installing aapanel on droplet DO ? do you have any issue . I am planning to install but when I try to install it says web service is already install .

Therefore I discontinue installation process.

opened by KhairulAzmi21 2
Please Help What to do ?

Site error: the ionCube PHP Loader needs to be installed. This is a widely used PHP extension for running ionCube protected PHP code, website security and malware blocking. Please visit get-loader.ioncube.com for install assistance.

opened by subhampro 2
Rewriting English translation

Hello,

I have been using aaPanel for a while now and think it is an amazing alternative to cPanel & Plesk. I have noticed that the English translation is not 100% correct. I am willing to rewrite the translation but it will obviously take some time.

I have made a start and look forward to the outcome.

opened by 69u 1

Redirecting to blank login page

I am using the latest docker image (https://hub.docker.com/r/aapanel/aapanel) and whatever image I use, I access 127.0.0.1:8886 and get redirected to /login what shows a blank page

run command:

docker run -d -p 8886:7800 -p 22:21 -p 443:443 -p 80:80 -p 889:888 -v ~/website_data:/www/wwwroot -v ~/mysql_data:/www/server/data -v ~/vhost:/www/server/panel/vhost aapanel/aapanel:lib

redirect issue:

curl -iL localhost:8886                                                                                                                                                                  
HTTP/1.1 302 FOUND
Content-Type: text/html; charset=utf-8
Content-Length: 219
Location: http://localhost:8886/login
Server: nginx
Connection: keep-alive
Date: Mon, 20 Jun 2022 08:33:02 GMT

HTTP/1.1 404 NOT FOUND
Content-Type: text/plain; charset=utf-8
Server: nginx
Connection: keep-alive
Content-Length: 0
Date: Mon, 20 Jun 2022 08:33:02 GMT

opened by philharmonie 1

MySQL 8 install script, issue on mysql version line 491, sqlVersion='8.0.22'
when install mysql 8 script has issue so it return error as below information.

i notice that line 491 is sqlVersion='8.0.22' and this is the issue on this script.

aapanel 6.8.23

error logs ====

sort: cannot read: ping.pl: No such file or directory --2022-04-30 12:29:55-- https://node.aapanel.com/install/1/mysql.sh Resolving node.aapanel.com (node.aapanel.com)... 172.67.171.7, 104.21.79.196, 2606:4700:3034::ac43:ab07, ... Connecting to node.aapanel.com (node.aapanel.com)|172.67.171.7|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 5038 (4.9K) [application/octet-stream] Saving to: ‘mysql.sh’

0K .... 100% 93.4M=0s

2022-04-30 12:29:56 (93.4 MB/s) - ‘mysql.sh’ saved [5038/5038]

selecting download node... http://128.1.164.196 selecting download node... --2022-04-30 12:30:10-- http://128.1.164.196/install/0/mysql.sh Connecting to 128.1.164.196:80... connected. HTTP request sent, awaiting response... 200 OK Length: 36412 (36K) [application/octet-stream] Saving to: ‘mysql.sh’

0K .......... .......... .......... ..... 100% 133K=0.3s

2022-04-30 12:30:10 (133 KB/s) - ‘mysql.sh’ saved [36412/36412]

selecting download node... Last metadata expiration check: 0:47:44 ago on Sat 30 Apr 2022 11:42:33 AM GMT. Package cmake-3.20.2-4.el8.aarch64 is already installed. Package libarchive-3.3.3-3.el8_5.aarch64 is already installed. Dependencies resolved. Nothing to do. Complete! groupadd: group 'mysql' already exists useradd: user 'mysql' already exists Last metadata expiration check: 0:47:48 ago on Sat 30 Apr 2022 11:42:33 AM GMT. Package libtirpc-1.1.4-5.0.1.el8.aarch64 is already installed. Package libtirpc-devel-1.1.4-5.0.1.el8.aarch64 is already installed. Dependencies resolved. Nothing to do. Complete! --2022-04-30 12:30:23-- http://dg2.bt.cn/src/mysql-boost-8.0.22.tar.gz Resolving dg2.bt.cn (dg2.bt.cn)... 116.213.43.206, 240e:a5:4200:89::256 Connecting to dg2.bt.cn (dg2.bt.cn)|116.213.43.206|:80... connected. HTTP request sent, awaiting response... 404 Not Found 2022-04-30 12:30:23 ERROR 404: Not Found.

gzip: stdin: unexpected end of file tar: Child returned status 1 tar: Error is not recoverable: exiting now mv: cannot stat 'mysql-8.0.22': No such file or directory mysql.sh: line 512: cd: src: No such file or directory cat: /www/server/panel/install/mysql/config.pl: No such file or directory mysql.sh: line 534: cd: too many arguments CMake Error: The source directory "/www/server/mysql" does not appear to contain CMakeLists.txt. Specify --help for usage, or press the help button on the CMake GUI. make: *** No targets specified and no makefile found. Stop.

Red Hat Enterprise Linux release 8.5 (Ootpa) Bit:64 Mem:23239M Core:4 gcc:8.5.0 cmake:3.20.2 Linux 5.4.17-2136.306.1.3.el8uek.aarch64 aarch64 ERROR: mysql 8.0 installation failed. 安装失败，请截图以上报错信息发帖至论坛www.bt.cn/bbs求助 |-Successify ---Script execution completed---

Suggest solution to be sqlVersion=${mysql_80}
opened by mohamedsalama 1
Bump pillow from 5.4.1 to 9.0.1
Bumps pillow from 5.4.1 to 9.0.1.

Release notes

Sourced from pillow's releases.

9.0.1

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html

Changes

In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [@radarhere, @hugovk]

Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

9.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

Changes

Restrict builtins for ImageMath.eval() #5923 [@radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [@radarhere]

Fixed ImagePath.Path array handling #5920 [@radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [@radarhere]

Removed redundant part of condition #5915 [@radarhere]

Explicitly enable strip chopping for large uncompressed TIFFs #5517 [@kmilos]

Use the Windows method to get TCL functions on Cygwin #5807 [@DWesl]

Changed error type to allow for incremental WebP parsing #5404 [@radarhere]

Improved I;16 operations on big endian #5901 [@radarhere]

Ensure that BMP pixel data offset does not ignore palette #5899 [@radarhere]

Limit quantized palette to number of colors #5879 [@radarhere]

Use latin1 encoding to decode bytes #5870 [@radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [@radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [@radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [@radarhere]

Added rounding when converting P and PA #5824 [@radarhere]

Improved putdata() documentation and data handling #5910 [@radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [@radarhere]

Image.NONE is only used for resampling and dithers #5908 [@radarhere]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [@radarhere]

Add Tidelift alignment action and badge #5763 [@aclark4life]

Replaced further direct invocations of setup.py #5906 [@radarhere]

Added ImageShow support for xdg-open #5897 [@m-shinder]

Fixed typo #5902 [@radarhere]

Switched from deprecated "setup.py install" to "pip install ." #5896 [@radarhere]

Support 16-bit grayscale ImageQt conversion #5856 [@cmbruns]

Fixed raising OSError in _safe_read when size is greater than SAFEBLOCK #5872 [@radarhere]

Convert subsequent GIF frames to RGB or RGBA #5857 [@radarhere]

WebP: Fix memory leak during decoding on failure #5798 [@ilai-deutel]

Do not prematurely return in ImageFile when saving to stdout #5665 [@infmagic2047]

Added support for top right and bottom right TGA orientations #5829 [@radarhere]

Corrected ICNS file length in header #5845 [@radarhere]

Block tile TIFF tags when saving #5839 [@radarhere]

Added line width argument to ImageDraw polygon #5694 [@radarhere]

Do not redeclare class each time when converting to NumPy #5844 [@radarhere]

Only prevent repeated polygon pixels when drawing with transparency #5835 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.0.1 (2022-02-03)

In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010 [radarhere, hugovk]

Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009 [radarhere]

9.0.0 (2022-01-02)

Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923 [radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [radarhere]

Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920 [radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [radarhere]

Improved I;16 operations on big endian #5901 [radarhere]

Limit quantized palette to number of colors #5879 [radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [radarhere]

Added rounding when converting P and PA #5824 [radarhere]

Improved putdata() documentation and data handling #5910 [radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [hugovk]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [radarhere]

... (truncated)

Commits

6deac9e 9.0.1 version bump

c04d812 Update CHANGES.rst [ci skip]

4fabec3 Added release notes for 9.0.1

02affaa Added delay after opening image with xdg-open

ca0b585 Updated formatting

427221e In show_file, use os.remove to remove temporary images

c930be0 Restrict builtins within lambdas for ImageMath.eval

75b69dd Dont need to pin for GHA

cd938a7 Autolink CWE numbers with sphinx-issues

2e9c461 Add CVE IDs

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump pillow from 5.4.1 to 9.0.0
Bumps pillow from 5.4.1 to 9.0.0.

Release notes

Sourced from pillow's releases.

9.0.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html

Changes

Restrict builtins for ImageMath.eval() #5923 [@radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [@radarhere]

Fixed ImagePath.Path array handling #5920 [@radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [@radarhere]

Removed redundant part of condition #5915 [@radarhere]

Explicitly enable strip chopping for large uncompressed TIFFs #5517 [@kmilos]

Use the Windows method to get TCL functions on Cygwin #5807 [@DWesl]

Changed error type to allow for incremental WebP parsing #5404 [@radarhere]

Improved I;16 operations on big endian #5901 [@radarhere]

Ensure that BMP pixel data offset does not ignore palette #5899 [@radarhere]

Limit quantized palette to number of colors #5879 [@radarhere]

Use latin1 encoding to decode bytes #5870 [@radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [@radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [@radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [@radarhere]

Added rounding when converting P and PA #5824 [@radarhere]

Improved putdata() documentation and data handling #5910 [@radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [@radarhere]

Image.NONE is only used for resampling and dithers #5908 [@radarhere]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [@radarhere]

Add Tidelift alignment action and badge #5763 [@aclark4life]

Replaced further direct invocations of setup.py #5906 [@radarhere]

Added ImageShow support for xdg-open #5897 [@m-shinder]

Fixed typo #5902 [@radarhere]

Switched from deprecated "setup.py install" to "pip install ." #5896 [@radarhere]

Support 16-bit grayscale ImageQt conversion #5856 [@cmbruns]

Fixed raising OSError in _safe_read when size is greater than SAFEBLOCK #5872 [@radarhere]

Convert subsequent GIF frames to RGB or RGBA #5857 [@radarhere]

WebP: Fix memory leak during decoding on failure #5798 [@ilai-deutel]

Do not prematurely return in ImageFile when saving to stdout #5665 [@infmagic2047]

Added support for top right and bottom right TGA orientations #5829 [@radarhere]

Corrected ICNS file length in header #5845 [@radarhere]

Block tile TIFF tags when saving #5839 [@radarhere]

Added line width argument to ImageDraw polygon #5694 [@radarhere]

Do not redeclare class each time when converting to NumPy #5844 [@radarhere]

Only prevent repeated polygon pixels when drawing with transparency #5835 [@radarhere]

Fix pushes_fd method signature #5833 [@hoodmane]

Add support for pickling TrueType fonts #5826 [@hugovk]

Only prefer command line tools SDK on macOS over default MacOSX SDK #5828 [@radarhere]

Fix compilation on 64-bit Termux #5793 [@landfillbaby]

Replace 'setup.py sdist' with '-m build --sdist' #5785 [@hugovk]

Use declarative package configuration #5784 [@hugovk]

Use title for display in ImageShow #5788 [@radarhere]

Fix for PyQt6 #5775 [@hugovk]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.0.0 (2022-01-02)

Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923 [radarhere]

Ensure JpegImagePlugin stops at the end of a truncated file #5921 [radarhere]

Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920 [radarhere]

Remove consecutive duplicate tiles that only differ by their offset #5919 [radarhere]

Improved I;16 operations on big endian #5901 [radarhere]

Limit quantized palette to number of colors #5879 [radarhere]

Fixed palette index for zeroed color in FASTOCTREE quantize #5869 [radarhere]

When saving RGBA to GIF, make use of first transparent palette entry #5859 [radarhere]

Pass SAMPLEFORMAT to libtiff #5848 [radarhere]

Added rounding when converting P and PA #5824 [radarhere]

Improved putdata() documentation and data handling #5910 [radarhere]

Exclude carriage return in PDF regex to help prevent ReDoS #5912 [hugovk]

Fixed freeing pointer in ImageDraw.Outline.transform #5909 [radarhere]

Added ImageShow support for xdg-open #5897 [m-shinder, radarhere]

Support 16-bit grayscale ImageQt conversion #5856 [cmbruns, radarhere]

Convert subsequent GIF frames to RGB or RGBA #5857 [radarhere]

... (truncated)

Commits

82541b6 9.0.0 version bump

cae5ac4 Merge pull request #5924 from radarhere/cves

ed4cf78 CVEs TBD

d7f60d1 Merge pull request #5923 from radarhere/imagemath_eval

8531b01 Restrict builtins for ImageMath.eval

1efb1d9 Merge pull request #5922 from radarhere/releasenotes

f6c7871 Added release notes for #5919, #5920 and #5921

032d2dc Update CHANGES.rst [ci skip]

baae9ec Merge pull request #5921 from radarhere/jpeg_eoi

1059eb5 If appended EOI did not work, do not keep trying

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump certifi from 2021.10.8 to 2022.12.7
Bumps certifi from 2021.10.8 to 2022.12.7.

Commits

9e9e840 2022.12.07

b81bdb2 2022.09.24

939a28f 2022.09.14

aca828a 2022.06.15.2

de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...

b8eb5e9 2022.06.15.1

47fb7ab Fix deprecation warning on Python 3.11 (#199)

b0b48e0 fixes #198 -- update link in license

9d514b4 2022.06.15

4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump oauthlib from 3.2.0 to 3.2.1
Bumps oauthlib from 3.2.0 to 3.2.1.

Release notes

Sourced from oauthlib's releases.

3.2.1

In short

OAuth2.0 Provider:

#803 : Metadata endpoint support of non-HTTPS

CVE-2022-36087

OAuth1.0:

#818 : Allow IPv6 being parsed by signature

General:

Improved and fixed documentation warnings.

Cosmetic changes based on isort

What's Changed

add missing slots to TokenBase by @ariebovenberg in oauthlib/oauthlib#804

Add CORS support for Refresh Token Grant. by @luhn in oauthlib/oauthlib#806

GitHub Action to lint Python code by @cclauss in oauthlib/oauthlib#797

Docs: fix Sphinx warnings for better ReadTheDocs generation by @JonathanHuot in oauthlib/oauthlib#807

Allow non-HTTPS issuer when OAUTHLIB_INSECURE_TRANSPORT. by @luhn in oauthlib/oauthlib#803

chore: fix typo in test by @tamanobi in oauthlib/oauthlib#816

Fix typo in server.rst by @NemanjaT in oauthlib/oauthlib#819

Fixed isort imports by @dasm in oauthlib/oauthlib#820

docs: Fix a few typos by @timgates42 in oauthlib/oauthlib#822

docs: fix typos by @kianmeng in oauthlib/oauthlib#823

New Contributors

@ariebovenberg made their first contribution in oauthlib/oauthlib#804

@tamanobi made their first contribution in oauthlib/oauthlib#816

@NemanjaT made their first contribution in oauthlib/oauthlib#819

@kianmeng made their first contribution in oauthlib/oauthlib#823

Full Changelog: https://github.com/oauthlib/oauthlib/compare/v3.2.0...v3.2.1

Changelog

Sourced from oauthlib's changelog.

3.2.1 (2022-09-09)

OAuth2.0 Provider:

#803: Metadata endpoint support of non-HTTPS

CVE-2022-36087

OAuth1.0:

#818: Allow IPv6 being parsed by signature

General:

Improved and fixed documentation warnings.

Cosmetic changes based on isort

Commits

88bb156 Updated date and authors

1a45d97 Prepare 3.2.1 release

0adbbe1 docs: fix typos

6569ec3 docs: Fix a few typos

bdc486e Fixed isort imports

7db45bd Fix typo in server.rst

b14ad85 chore: s/bode_code_verifier/body_code_verifier/g

b123283 Allow non-HTTPS issuer when OAUTHLIB_INSECURE_TRANSPORT. (#803)

2f887b5 Docs: fix Sphinx warnings for better ReadTheDocs generation (#807)

d4bafd9 Merge pull request #797 from cclauss/patch-2

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump pillow from 5.4.1 to 9.3.0
Bumps pillow from 5.4.1 to 9.3.0.

Release notes

Sourced from pillow's releases.

9.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/9.3.0.html

Changes

Initialize libtiff buffer when saving #6699 [@radarhere]

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [@wiredfool]

Inline fname2char to fix memory leak #6329 [@nulano]

Fix memory leaks related to text features #6330 [@nulano]

Use double quotes for version check on old CPython on Windows #6695 [@hugovk]

GHA: replace deprecated set-output command with GITHUB_OUTPUT file #6697 [@nulano]

Remove backup implementation of Round for Windows platforms #6693 [@cgohlke]

Upload fribidi.dll to GitHub Actions #6532 [@nulano]

Fixed set_variation_by_name offset #6445 [@radarhere]

Windows build improvements #6562 [@nulano]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [@cgohlke]

Only use ASCII characters in C source file #6691 [@cgohlke]

Release Python GIL when converting images using matrix operations #6418 [@hmaarrfk]

Added ExifTags enums #6630 [@radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [@radarhere]

Added support for reading BMP images with RLE4 compression #6674 [@npjg]

Decode JPEG compressed BLP1 data in original mode #6678 [@radarhere]

pylint warnings #6659 [@marksmayo]

Added GPS TIFF tag info #6661 [@radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [@radarhere]

Do not attempt normalization if mode is already normal #6644 [@radarhere]

Fixed seeking to an L frame in a GIF #6576 [@radarhere]

Consider all frames when selecting mode for PNG save_all #6610 [@radarhere]

Don't reassign crc on ChunkStream close #6627 [@radarhere]

Raise a warning if NumPy failed to raise an error during conversion #6594 [@radarhere]

Only read a maximum of 100 bytes at a time in IMT header #6623 [@radarhere]

Show all frames in ImageShow #6611 [@radarhere]

Allow FLI palette chunk to not be first #6626 [@radarhere]

If first GIF frame has transparency for RGB_ALWAYS loading strategy, use RGBA mode #6592 [@radarhere]

Round box position to integer when pasting embedded color #6517 [@radarhere]

Removed EXIF prefix when saving WebP #6582 [@radarhere]

Pad IM palette to 768 bytes when saving #6579 [@radarhere]

Added DDS BC6H reading #6449 [@ShadelessFox]

Added support for opening WhiteIsZero 16-bit integer TIFF images #6642 [@JayWiz]

Raise an error when allocating translucent color to RGB palette #6654 [@jsbueno]

Moved mode check outside of loops #6650 [@radarhere]

Added reading of TIFF child images #6569 [@radarhere]

Improved ImageOps palette handling #6596 [@PososikTeam]

Defer parsing of palette into colors #6567 [@radarhere]

Apply transparency to P images in ImageTk.PhotoImage #6559 [@radarhere]

Use rounding in ImageOps contain() and pad() #6522 [@bibinhashley]

Fixed GIF remapping to palette with duplicate entries #6548 [@radarhere]

Allow remap_palette() to return an image with less than 256 palette entries #6543 [@radarhere]

Corrected BMP and TGA palette size when saving #6500 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

Initialize libtiff buffer when saving #6699 [radarhere]

Inline fname2char to fix memory leak #6329 [nulano]

Fix memory leaks related to text features #6330 [nulano]

Use double quotes for version check on old CPython on Windows #6695 [hugovk]

Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

Fixed set_variation_by_name offset #6445 [radarhere]

Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

Added ExifTags enums #6630 [radarhere]

Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

Added support for reading BMP images with RLE4 compression #6674 [npjg, radarhere]

Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

Added GPS TIFF tag info #6661 [radarhere]

Added conversion between RGB/RGBA/RGBX and LAB #6647 [radarhere]

Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

Commits

d594f4c Update CHANGES.rst [ci skip]

909dc64 9.3.0 version bump

1a51ce7 Merge pull request #6699 from hugovk/security-libtiff_buffer

2444cdd Merge pull request #6700 from hugovk/security-samples_per_pixel-sec

744f455 Added release notes

0846bfa Add to release notes

799a6a0 Fix linting

00b25fd Hide UserWarning in logs

05b175e Tighter test case

13f2c5a Prevent DOS with large SAMPLESPERPIXEL in Tiff IFD

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
tb后台今日提示

requests.exceptions.ConnectionError: HTTPSConnectionPool(host='brandnew.aapanel.com', port=443): Max retries exceeded with url: /api/panel/getSoftList?status=False&msg=Please+login+with+account+first&environment_info=%7B%7D (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 110] Connection timed out'))

啥情况这是？

opened by sixgodfan 0

Project dependencies may have API risk issues

Hi, In aaPanel, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using

Flask>=1.0.2
paramiko>=2.6.0
flask-socketio>=4.1.0
python-socketio>=4.2.0
flask_sockets>=0.2.1
Werkzeug>=0.15.1
Pillow==5.4.1
requests>=2.20
cffi>=1.12.3
psutil>=5.2.0
chardet>=3.0.4
Flask-Session>=0.3.1
flask-sqlalchemy>=2.3.2
gunicorn>=18.0
gevent-websocket>=0.10.1
pyopenssl>=19.0
cryptography>=2.7
six>=1.12.0
pyOpenSSL>=21.0.0

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict. The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project, The version constraint of dependency paramiko can be changed to >=1.13.0,<=2.11.0. The version constraint of dependency Werkzeug can be changed to >=0.9,<=0.16.1. The version constraint of dependency Pillow can be changed to ==9.2.0. The version constraint of dependency Pillow can be changed to >=2.0.0,<=9.1.1. The version constraint of dependency requests can be changed to >=2.4.0,<=2.15.1. The version constraint of dependency psutil can be changed to >=5.0.0,<=5.9.1. The version constraint of dependency Flask-Session can be changed to >=0.2,<=0.4.0. The version constraint of dependency flask-sqlalchemy can be changed to >=0.16,<=3.0.0a1. The version constraint of dependency pyopenssl can be changed to >=0.14,<=22.0.0. The version constraint of dependency cryptography can be changed to >=0.6,<=37.0.2. The version constraint of dependency pyOpenSSL can be changed to >=0.14,<=22.0.0.

The above modification suggestions can reduce the dependency conflicts as much as possible, and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the paramiko

paramiko.Transport

The calling methods from the Werkzeug

werkzeug.datastructures.CallbackDict.__init__
werkzeug.wrappers.Response
werkzeug.routing.Map
werkzeug.contrib.cache.FileSystemCache
werkzeug.routing.Rule
werkzeug.http.parse_cookie

The calling methods from the Pillow

PIL.ImageFont.truetype
PIL.Image.new

The calling methods from the requests

requests.delete
requests.post
requests.get
requests.packages.urllib3.disable_warnings

The calling methods from the psutil

psutil.cpu_count
psutil.Process.connections
psutil.cpu_percent
psutil.Process.username
psutil.Process.kill
psutil.Process.exe
psutil.cpu_times_percent
psutil.Process.open_files
psutil.process_iter
psutil.Process.oneshot
psutil.Process.cwd
psutil.net_io_counters
psutil.Process.name
psutil.pids
psutil.boot_time
psutil.Process.ppid
psutil.Process.memory_percent
psutil.disk_io_counters
psutil.Process.num_threads
psutil.Process
psutil.disk_partitions
psutil.net_connections
psutil.Process.create_time
psutil.disk_usage
psutil.Process.status
psutil.Process.cpu_percent
psutil.Process.cmdline
psutil.Process.memory_full_info
psutil.virtual_memory
psutil.cpu_times
psutil.Process.cpu_times

The calling methods from the Flask-Session

sessions.SqlAlchemySessionInterface

The calling methods from the flask-sqlalchemy

flask_sqlalchemy.SQLAlchemy

The calling methods from the pyopenssl

OpenSSL.crypto.dump_certificate
OpenSSL.crypto.X509Extension
OpenSSL.crypto.load_privatekey
OpenSSL.crypto.PKCS12.set_ca_certificates
OpenSSL.crypto.dump_certificate_request
OpenSSL.crypto.load_certificate
OpenSSL.crypto.PKCS12
OpenSSL.crypto.X509Req
OpenSSL.crypto.PKCS12.set_certificate
OpenSSL.crypto.X509.gmtime_adj_notAfter
OpenSSL.crypto.X509Req.set_version
OpenSSL.crypto.X509Req.set_pubkey
OpenSSL.crypto.X509.set_serial_number
OpenSSL.crypto.X509Req.sign
OpenSSL.crypto.PKey
OpenSSL.crypto.PKCS12.export
OpenSSL.crypto.X509Req.add_extensions
OpenSSL.crypto.load_pkcs12
OpenSSL.crypto.X509.set_pubkey
OpenSSL.crypto.PKCS12.set_friendlyname
OpenSSL.crypto.X509.gmtime_adj_notBefore
OpenSSL.crypto.PKey.generate_key
OpenSSL.crypto.X509.sign
OpenSSL.crypto.X509.set_issuer
OpenSSL.crypto.dump_privatekey
OpenSSL.crypto.PKCS12.set_privatekey
OpenSSL.crypto.X509.get_subject
OpenSSL.crypto.X509
OpenSSL.crypto.X509Req.get_subject
OpenSSL.crypto.sign

The calling methods from the cryptography

cryptography.hazmat.primitives.serialization.load_pem_private_key

The calling methods from the pyOpenSSL

OpenSSL.crypto.dump_certificate
OpenSSL.crypto.X509Extension
OpenSSL.crypto.load_privatekey
OpenSSL.crypto.PKCS12.set_ca_certificates
OpenSSL.crypto.dump_certificate_request
OpenSSL.crypto.load_certificate
OpenSSL.crypto.PKCS12
OpenSSL.crypto.X509Req
OpenSSL.crypto.PKCS12.set_certificate
OpenSSL.crypto.X509.gmtime_adj_notAfter
OpenSSL.crypto.X509Req.set_version
OpenSSL.crypto.X509Req.set_pubkey
OpenSSL.crypto.X509.set_serial_number
OpenSSL.crypto.X509Req.sign
OpenSSL.crypto.PKey
OpenSSL.crypto.PKCS12.export
OpenSSL.crypto.X509Req.add_extensions
OpenSSL.crypto.load_pkcs12
OpenSSL.crypto.X509.set_pubkey
OpenSSL.crypto.PKCS12.set_friendlyname
OpenSSL.crypto.X509.gmtime_adj_notBefore
OpenSSL.crypto.PKey.generate_key
OpenSSL.crypto.X509.sign
OpenSSL.crypto.X509.set_issuer
OpenSSL.crypto.dump_privatekey
OpenSSL.crypto.PKCS12.set_privatekey
OpenSSL.crypto.X509.get_subject
OpenSSL.crypto.X509
OpenSSL.crypto.X509Req.get_subject
OpenSSL.crypto.sign

@developer Could please help me check this issue? May I pull a request to fix it? Thank you very much.

opened by PyDeps 1